this variable. `samba-tool --color=always` will use colour regardless
of NO_COLOR.
+New wbinfo option --change-secret-at
+------------------------------------
+The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
+which forces the trust account password to be changed at a specified domain
+controller. If the specified domain controller cannot be contacted the
+password change fails rather than trying other DCs.
REMOVED FEATURES
return true;
}
+/* Change trust account password chose Domain Controller */
+
+static bool wbinfo_change_secret_at(const char *domain,
+ const char *domain_controller)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcAuthErrorInfo *error = NULL;
+ const char *domain_name;
+
+ if (domain) {
+ domain_name = domain;
+ } else {
+ domain_name = get_winbind_domain();
+ }
+
+ wbc_status = wbcChangeTrustCredentialsAt(
+ domain_name, domain_controller, &error);
+
+ d_printf("changing the trust secret for domain %s via RPC calls %s\n",
+ domain_name,
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ d_fprintf(stderr, "wbcChangeTrustCredentials(%s): "
+ "error code was %s (0x%x)\n",
+ domain_name, error->nt_string, error->nt_status);
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
+ "%s\n", wbcErrorString(wbc_status));
+ return false;
+ }
+
+ return true;
+}
+
/* Check DC connection */
static bool wbinfo_ping_dc(const char *domain)
OPT_LOGOFF_USER,
OPT_LOGOFF_UID,
OPT_LANMAN,
- OPT_KRB5CCNAME
+ OPT_KRB5CCNAME,
+ OPT_CHANGE_SECRET_AT
};
int main(int argc, const char **argv, char **envp)
.val = 'c',
.descrip = "Change shared secret",
},
+ {
+ .longName = "change-secret-at",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &string_arg,
+ .val = OPT_CHANGE_SECRET_AT,
+ .descrip = "Change shared secret at Domain Controler" },
{
.longName = "ping-dc",
.shortName = 'P',
goto done;
}
break;
+ case OPT_CHANGE_SECRET_AT:
+ if (!wbinfo_change_secret_at(opt_domain_name, string_arg)) {
+ d_fprintf(stderr, "Could not change secret\n");
+ goto done;
+ }
+ break;
case 'P':
if (!wbinfo_ping_dc(opt_domain_name)) {
goto done;